package com.sx.shop.config;

import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.cache.ehcache.EhCacheManager;
import org.apache.shiro.codec.Base64;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;

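/**
 * Spring configuration class that wires the Apache Shiro security framework into the application.
 *
 * <p>It declares the Shiro filter (URL access rules), the security manager, the custom realm with
 * its credentials matcher and caches, the Thymeleaf Shiro dialect, a session manager and a
 * rememberMe cookie manager.
 *
 * <p>NOTE(review): within this class, {@link #mySessionManager()} and
 * {@link #cookieRememberMeManager()} are declared as beans but are never handed to the
 * {@link DefaultWebSecurityManager} built in {@link #getDefaultWebSecurityManager(Realm)}.
 * Unless they are attached elsewhere, the security manager uses Shiro's defaults instead; confirm
 * which is intended.
 */
@Configuration
public class ShiroConfig {

    /**
     * Lifetime of the rememberMe cookie, in seconds (three days).
     *
     * <p>{@code SimpleCookie.setMaxAge} takes seconds. The previous literal, 259200000, is three
     * days expressed in milliseconds, which as seconds is a cookie that lives for roughly eight
     * years.
     */
    private static final int REMEMBER_ME_MAX_AGE_SECONDS = 3 * 24 * 60 * 60;

    /**
     * Creates a web session manager that never appends the session id to URLs.
     *
     * <p>Keeping the session id out of URLs prevents it from leaking through links, browser
     * history, Referer headers and access logs.
     *
     * @return the configured session manager
     */
    @Bean
    public DefaultWebSessionManager mySessionManager(){
        DefaultWebSessionManager defaultSessionManager = new DefaultWebSessionManager();
        // Disable ";JSESSIONID=..." URL rewriting.
        defaultSessionManager.setSessionIdUrlRewritingEnabled(false);
        return defaultSessionManager;
    }

    /**
     * 1. Creates the Shiro filter that intercepts every request and applies the URL access rules.
     *
     * @param defaultWebSecurityManager the security manager the filter delegates to
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean getShiroFilerFactoryBean(DefaultWebSecurityManager defaultWebSecurityManager){
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        // Attach the security manager to the filter.
        shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);

        /*
         * Public and restricted resources. Shiro evaluates the patterns in insertion order and the
         * first match wins, hence the LinkedHashMap and the catch-all "/**" rule at the very end.
         *
         * Built-in filters that can be used as values:
         *   anon  - accessible without authentication
         *   authc - requires an authenticated session
         *   user  - accessible to authenticated or remembered (rememberMe) users
         *   perms - requires the named permission
         *   roles - requires the named role
         *
         * Every pattern starts with "/": request paths always do, so the former entries without a
         * leading slash ("static/resources/css/**" and similar) could never match and were dropped.
         */
        Map<String,String> map = new LinkedHashMap<>();

        // Static assets, served without authentication.
        map.put("/static/plugins/**","anon");
        map.put("/static/resources/css/**","anon");
        map.put("/static/resources/images/**","anon");
        map.put("/static/resources/img/**","anon");
        map.put("/static/resources/js/**","anon");
        map.put("/resources/css/**","anon");
        map.put("/static/**","anon");
        map.put("/css/**","anon");
        map.put("/font/**","anon");
        map.put("/img/**","anon");
        map.put("/images/**","anon");
        map.put("/js/**","anon");
        map.put("/layui/**","anon");
        map.put("/plugins/**","anon");

        // Login and registration endpoints must be reachable before authentication.
        map.put("/login","anon");
        map.put("/login2","anon");
        map.put("/user/login","anon");
        map.put("/user/register","anon");

        // Specific rules go before the wildcard that would otherwise shadow them.
        map.put("/user/logout","authc");
        map.put("/user/**","authc");
        map.put("/index","authc");

        // Default deny: anything not listed above requires authentication.
        map.put("/**","authc");

        // Page used both for unauthenticated requests and for authorization failures.
        shiroFilterFactoryBean.setLoginUrl("/login.html");
        shiroFilterFactoryBean.setUnauthorizedUrl("/login.html");

        shiroFilterFactoryBean.setFilterChainDefinitionMap(map);

        return shiroFilterFactoryBean;
    }

    /**
     * 2. Creates the web security manager and gives it the application's realm.
     *
     * @param realm the realm used for authentication and authorization
     * @return the configured security manager
     */
    @Bean
    public DefaultWebSecurityManager getDefaultWebSecurityManager(Realm realm){
        DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
        // Attach the realm to the security manager.
        defaultWebSecurityManager.setRealm(realm);
        return defaultWebSecurityManager;
    }

    /**
     * 3. Creates the custom realm with a hashed-credentials matcher and EhCache-backed caching.
     *
     * @return the configured {@code UserRealm}
     */
    @Bean("realm")
    public Realm getRealm(){

        UserRealm userRealm = new UserRealm();

        // Replace the default credentials matcher with a hashing one.
        // NOTE(review): iterated MD5 is a fast digest and is not suitable for password storage;
        // a password-hashing scheme such as bcrypt, scrypt or Argon2 is the usual choice. It is
        // left unchanged here because the matcher has to agree with how the stored hashes were
        // produced, so switching algorithms needs a migration of existing credentials.
        HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher();
        credentialsMatcher.setHashAlgorithmName("MD5");
        credentialsMatcher.setHashIterations(1024);
        userRealm.setCredentialsMatcher(credentialsMatcher);

        // Enable cache management.
        userRealm.setCacheManager(new EhCacheManager());
        // Enable caching globally for the realm.
        userRealm.setCachingEnabled(true);
        // Enable the authentication cache.
        // NOTE(review): with authentication caching on, a password change or account lock should
        // evict the cached entry for that user; confirm UserRealm or the account service does so.
        userRealm.setAuthenticationCachingEnabled(true);
        userRealm.setAuthenticationCacheName("AuthenticationCache");
        // Enable the authorization cache.
        userRealm.setAuthorizationCachingEnabled(true);
        userRealm.setAuthorizationCacheName("AuthorizationCache");
        return userRealm;
    }

    /**
     * Registers the Thymeleaf dialect that exposes Shiro tags in templates.
     *
     * @return a new {@link ShiroDialect}
     */
    @Bean
    public ShiroDialect getShiroDialect(){
        return new ShiroDialect();
    }

    /**
     * Creates the rememberMe manager with its cookie and the key used to encrypt the cookie value.
     *
     * @return the configured rememberMe manager
     */
    @Bean
    public CookieRememberMeManager cookieRememberMeManager() {
        CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
        SimpleCookie simpleCookie = new SimpleCookie("rememberMe");
        // setMaxAge is in seconds; see REMEMBER_ME_MAX_AGE_SECONDS.
        simpleCookie.setMaxAge(REMEMBER_ME_MAX_AGE_SECONDS);
        cookieRememberMeManager.setCookie(simpleCookie);
        // NOTE(review): the cipher key is embedded in source control. This key protects the
        // rememberMe cookie, whose decrypted content Shiro deserializes, so anyone who can read
        // the repository or the built artifact holds the key. Load it from deployment
        // configuration or a secret store, use a randomly generated value per environment, and
        // rotate the value below since it has already been published.
        cookieRememberMeManager.setCipherKey(Base64.decode("6ZmI6I2j5Y+R5aSn5ZOlAA=="));
        return cookieRememberMeManager;
    }
}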
